Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

JFrog Security Research recently discovered and disclosed multiple CVEs in oatpp-mcp – the Oat++ framework’s implementation of Anthropic’s Model Context Protocol (MCP) standard. Among these, CVE-2025-6515 stood out due to its potential threat of hijacking MCP session IDs. Within the context of MCP we’ve dubbed this new attack technique “Prompt Hijacking“. Your browser does not support the video tag.

AI isn’t the future, it’s here. Your CEO’s talking about it in board meetings. Your manager wants to know if it'll save time or just add more work. And you? You're wondering if it's going to make your job easier or just add noise. The excitement is justified. McKinsey says nearly 80% of companies are using AI somewhere in their business. But here's what most people miss: very few have gotten it to work across their entire organization. Why?

CISA has just added a new CVE regarding SMB, with a very high CVSS rating. CVE-2025-33073 is a high-severity (CVSS 8.8) vulnerability in the Windows SMB client caused by improper access control (CWE-284). An authenticated attacker can exploit it over the network to gain elevated privileges. Microsoft has issued guidance on how it should be patched and CalCom recommend this be done immediately.

Trust is the foundation of the digital world. Every time a customer visits a website, processes a financial transaction, or connects to a business application, that trust is validated by TLS certificates. For years, TLS certificate lifespans stretched comfortably to 13 months or longer, giving teams ample time to track and renew them before they expired and caused an application outage. In some situations, even manual renewals were viable for longer lifespan certificates. That era is ending.

Zenity Labs worked in collaboration with MITRE ATLAS to incorporate the first 14 agent-focused techniques and subtechniques, extending the framework beyond LLM threats to cover the unique risks posed by AI agents.

Today, Mend.io is expanding its AppSec capabilities to secure the five most popular agentic IDEs — including Windsurf, CoPilot, Claude Code, Amazon Q Developer, and Cursor — ensuring that developers can move at AI speed without compromising security.

At INCYBER Forum Canada 2025, leaders from across sectors explored AI, supply-chain risk, and culture-driven defense, stressing that true resilience is built together.

Cloud computing is now central to company operations, but it can also be an opportunity for hackers. As of late last year, 80% of organizations experienced more frequent cloud attacks. Strengthening security is essential. Clear, actionable cloud security tips help protect digital assets with minimal complexity. As companies migrate more services and data to cloud environments, risks grow and become harder to detect.